Okta API (2.4.0)

Download OpenAPI specification:Download

Allows customers to easily access the Okta API

Authentication

api_token

SSWS {API Token}

Security Scheme Type API Key
Header parameter name: Authorization

Application

List Applications

Enumerates apps added to your organization with pagination. A subset of apps can be returned that match a supported filter expression or query.

Authorizations:
query Parameters
q
string
after
string

Specifies the pagination cursor for the next page of apps

limit
integer <int32>
Default: -1

Specifies the number of results for a page

filter
string

Filters apps by status, user.id, group.id or credentials.signing.kid expression

expand
string

Traverses users link relationship and optionally embeds Application User resource

includeNonDeleted
boolean
Default: false

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Add Application

Adds a new application to your Okta organization.

Authorizations:
query Parameters
activate
boolean
Default: true

Executes activation lifecycle operation when creating the app

header Parameters
OktaAccessGateway-Agent
string
Request Body schema: application/json
object (ApplicationAccessibility)
object (ApplicationCredentials)
features
Array of strings
label
string
object (ApplicationLicensing)
object
object (ApplicationSettings)
signOnMode
string (ApplicationSignOnMode)
Enum: "BOOKMARK" "BASIC_AUTH" "BROWSER_PLUGIN" "SECURE_PASSWORD_STORE" "AUTO_LOGIN" "WS_FEDERATION" "SAML_2_0" "OPENID_CONNECT" "SAML_1_1"
object (ApplicationVisibility)

Responses

Request samples

Content type
application/json
{
  • "accessibility": {
    },
  • "credentials": {
    },
  • "features": [
    ],
  • "label": "string",
  • "licensing": {
    },
  • "profile": {
    },
  • "settings": {
    },
  • "signOnMode": "BOOKMARK",
  • "visibility": {
    }
}

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "accessibility": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "credentials": {
    },
  • "features": [
    ],
  • "id": "string",
  • "label": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "licensing": {
    },
  • "name": "string",
  • "profile": {
    },
  • "settings": {
    },
  • "signOnMode": "BOOKMARK",
  • "status": "ACTIVE",
  • "visibility": {
    }
}

Delete Application

Removes an inactive application.

Authorizations:
path Parameters
appId
required
string

Responses

Get Application

Fetches an application from your Okta organization by id.

Authorizations:
path Parameters
appId
required
string
query Parameters
expand
string

Responses

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "accessibility": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "credentials": {
    },
  • "features": [
    ],
  • "id": "string",
  • "label": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "licensing": {
    },
  • "name": "string",
  • "profile": {
    },
  • "settings": {
    },
  • "signOnMode": "BOOKMARK",
  • "status": "ACTIVE",
  • "visibility": {
    }
}

Update Application

Updates an application in your organization.

Authorizations:
path Parameters
appId
required
string
Request Body schema: application/json
object (ApplicationAccessibility)
object (ApplicationCredentials)
features
Array of strings
label
string
object (ApplicationLicensing)
object
object (ApplicationSettings)
signOnMode
string (ApplicationSignOnMode)
Enum: "BOOKMARK" "BASIC_AUTH" "BROWSER_PLUGIN" "SECURE_PASSWORD_STORE" "AUTO_LOGIN" "WS_FEDERATION" "SAML_2_0" "OPENID_CONNECT" "SAML_1_1"
object (ApplicationVisibility)

Responses

Request samples

Content type
application/json
{
  • "accessibility": {
    },
  • "credentials": {
    },
  • "features": [
    ],
  • "label": "string",
  • "licensing": {
    },
  • "profile": {
    },
  • "settings": {
    },
  • "signOnMode": "BOOKMARK",
  • "visibility": {
    }
}

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "accessibility": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "credentials": {
    },
  • "features": [
    ],
  • "id": "string",
  • "label": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "licensing": {
    },
  • "name": "string",
  • "profile": {
    },
  • "settings": {
    },
  • "signOnMode": "BOOKMARK",
  • "status": "ACTIVE",
  • "visibility": {
    }
}

List Certificate Signing Requests for Application

Enumerates Certificate Signing Requests for an application

Authorizations:
path Parameters
appId
required
string

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Generate Certificate Signing Request for Application

Generates a new key pair and returns the Certificate Signing Request for it.

Authorizations:
path Parameters
appId
required
string
Request Body schema: application/json
object (CsrMetadataSubject)
object (CsrMetadataSubjectAltNames)

Responses

Request samples

Content type
application/json
{
  • "subject": {
    },
  • "subjectAltNames": {
    }
}

Response samples

Content type
application/json
{
  • "created": "2019-08-24T14:15:22Z",
  • "csr": "string",
  • "id": "string",
  • "kty": "string"
}

revokeCsrFromApplication

Authorizations:
path Parameters
appId
required
string
csrId
required
string

Responses

getCsrForApplication

Authorizations:
path Parameters
appId
required
string
csrId
required
string

Responses

Response samples

Content type
application/json
{
  • "created": "2019-08-24T14:15:22Z",
  • "csr": "string",
  • "id": "string",
  • "kty": "string"
}

<no summary>

Authorizations:
path Parameters
appId
required
string
csrId
required
string

Responses

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "alg": "string",
  • "created": "2019-08-24T14:15:22Z",
  • "e": "string",
  • "expiresAt": "2019-08-24T14:15:22Z",
  • "key_ops": [
    ],
  • "kid": "string",
  • "kty": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "n": "string",
  • "status": "string",
  • "use": "string",
  • "x5c": [
    ],
  • "x5t": "string",
  • "x5t#S256": "string",
  • "x5u": "string"
}

List Key Credentials for Application

Enumerates key credentials for an application

Authorizations:
path Parameters
appId
required
string

Responses

Response samples

Content type
application/json
[
  • {
    }
]

generateApplicationKey

Generates a new X.509 certificate for an application key credential

Authorizations:
path Parameters
appId
required
string
query Parameters
validityYears
integer

Responses

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "alg": "string",
  • "created": "2019-08-24T14:15:22Z",
  • "e": "string",
  • "expiresAt": "2019-08-24T14:15:22Z",
  • "key_ops": [
    ],
  • "kid": "string",
  • "kty": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "n": "string",
  • "status": "string",
  • "use": "string",
  • "x5c": [
    ],
  • "x5t": "string",
  • "x5t#S256": "string",
  • "x5u": "string"
}

Get Key Credential for Application

Gets a specific application key credential by kid

Authorizations:
path Parameters
appId
required
string
keyId
required
string

Responses

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "alg": "string",
  • "created": "2019-08-24T14:15:22Z",
  • "e": "string",
  • "expiresAt": "2019-08-24T14:15:22Z",
  • "key_ops": [
    ],
  • "kid": "string",
  • "kty": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "n": "string",
  • "status": "string",
  • "use": "string",
  • "x5c": [
    ],
  • "x5t": "string",
  • "x5t#S256": "string",
  • "x5u": "string"
}

Clone Application Key Credential

Clones a X.509 certificate for an application key credential from a source application to target application.

Authorizations:
path Parameters
appId
required
string
keyId
required
string
query Parameters
targetAid
required
string

Unique key of the target Application

Responses

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "alg": "string",
  • "created": "2019-08-24T14:15:22Z",
  • "e": "string",
  • "expiresAt": "2019-08-24T14:15:22Z",
  • "key_ops": [
    ],
  • "kid": "string",
  • "kty": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "n": "string",
  • "status": "string",
  • "use": "string",
  • "x5c": [
    ],
  • "x5t": "string",
  • "x5t#S256": "string",
  • "x5u": "string"
}

listScopeConsentGrants

Lists all scope consent grants for the application

Authorizations:
path Parameters
appId
required
string
query Parameters
expand
string

Responses

Response samples

Content type
application/json
[
  • {
    }
]

grantConsentToScope

Grants consent for the application to request an OAuth 2.0 Okta scope

Authorizations:
path Parameters
appId
required
string
Request Body schema: application/json
clientId
string
object (OAuth2Actor)
issuer
string
scopeId
string
source
string (OAuth2ScopeConsentGrantSource)
Enum: "END_USER" "ADMIN"
status
string (OAuth2ScopeConsentGrantStatus)
Enum: "ACTIVE" "REVOKED"
userId
string

Responses

Request samples

Content type
application/json
{
  • "clientId": "string",
  • "createdBy": {
    },
  • "issuer": "string",
  • "scopeId": "string",
  • "source": "END_USER",
  • "status": "ACTIVE",
  • "userId": "string"
}

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "clientId": "string",
  • "created": "2019-08-24T14:15:22Z",
  • "createdBy": {
    },
  • "id": "string",
  • "issuer": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "scopeId": "string",
  • "source": "END_USER",
  • "status": "ACTIVE",
  • "userId": "string"
}

revokeScopeConsentGrant

Revokes permission for the application to request the given scope

Authorizations:
path Parameters
appId
required
string
grantId
required
string

Responses

getScopeConsentGrant

Fetches a single scope consent grant for the application

Authorizations:
path Parameters
appId
required
string
grantId
required
string
query Parameters
expand
string

Responses

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "clientId": "string",
  • "created": "2019-08-24T14:15:22Z",
  • "createdBy": {
    },
  • "id": "string",
  • "issuer": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "scopeId": "string",
  • "source": "END_USER",
  • "status": "ACTIVE",
  • "userId": "string"
}

List Groups Assigned to Application

Enumerates group assignments for an application.

Authorizations:
path Parameters
appId
required
string
query Parameters
q
string
after
string

Specifies the pagination cursor for the next page of assignments

limit
integer <int32>
Default: -1

Specifies the number of results for a page

expand
string

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Remove Group from Application

Removes a group assignment from an application.

Authorizations:
path Parameters
appId
required
string
groupId
required
string

Responses

Get Assigned Group for Application

Fetches an application group assignment

Authorizations:
path Parameters
appId
required
string
groupId
required
string
query Parameters
expand
string

Responses

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "priority": 0,
  • "profile": {
    }
}

Assign Group to Application

Assigns a group to an application

Authorizations:
path Parameters
appId
required
string
groupId
required
string
Request Body schema: application/json
priority
integer
object

Responses

Request samples

Content type
application/json
{
  • "priority": 0,
  • "profile": {
    }
}

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "priority": 0,
  • "profile": {
    }
}

Activate Application

Activates an inactive application.

Authorizations:
path Parameters
appId
required
string

Responses

Deactivate Application

Deactivates an active application.

Authorizations:
path Parameters
appId
required
string

Responses

revokeOAuth2TokensForApplication

Revokes all tokens for the specified application

Authorizations:
path Parameters
appId
required
string

Responses

listOAuth2TokensForApplication

Lists all tokens for the application

Authorizations:
path Parameters
appId
required
string
query Parameters
expand
string
after
string
limit
integer <int32>
Default: 20

Responses

Response samples

Content type
application/json
[
  • {
    }
]

revokeOAuth2TokenForApplication

Revokes the specified token for the specified application

Authorizations:
path Parameters
appId
required
string
tokenId
required
string

Responses

getOAuth2TokenForApplication

Gets a token for the specified application

Authorizations:
path Parameters
appId
required
string
tokenId
required
string
query Parameters
expand
string

Responses

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "clientId": "string",
  • "created": "2019-08-24T14:15:22Z",
  • "expiresAt": "2019-08-24T14:15:22Z",
  • "id": "string",
  • "issuer": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "scopes": [
    ],
  • "status": "ACTIVE",
  • "userId": "string"
}

List Users Assigned to Application

Enumerates all assigned application users for an application.

Authorizations:
path Parameters
appId
required
string
query Parameters
q
string
query_scope
string
after
string

specifies the pagination cursor for the next page of assignments

limit
integer <int32>
Default: -1

specifies the number of results for a page

filter
string
expand
string

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Assign User to Application for SSO & Provisioning

Assigns an user to an application with credentials and an app-specific profile. Profile mappings defined for the application are first applied before applying any profile properties specified in the request.

Authorizations:
path Parameters
appId
required
string
Request Body schema: application/json
object (AppUserCredentials)
id
string
object
scope
string

Responses

Request samples

Content type
application/json
{
  • "credentials": {
    },
  • "id": "string",
  • "profile": {
    },
  • "scope": "string"
}

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "credentials": {
    },
  • "externalId": "string",
  • "id": "string",
  • "lastSync": "2019-08-24T14:15:22Z",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "passwordChanged": "2019-08-24T14:15:22Z",
  • "profile": {
    },
  • "scope": "string",
  • "status": "string",
  • "statusChanged": "2019-08-24T14:15:22Z",
  • "syncState": "string"
}

Remove User from Application

Removes an assignment for a user from an application.

Authorizations:
path Parameters
appId
required
string
userId
required
string
query Parameters
sendEmail
boolean
Default: false

Responses

Get Assigned User for Application

Fetches a specific user assignment for application by id.

Authorizations:
path Parameters
appId
required
string
userId
required
string
query Parameters
expand
string

Responses

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "credentials": {
    },
  • "externalId": "string",
  • "id": "string",
  • "lastSync": "2019-08-24T14:15:22Z",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "passwordChanged": "2019-08-24T14:15:22Z",
  • "profile": {
    },
  • "scope": "string",
  • "status": "string",
  • "statusChanged": "2019-08-24T14:15:22Z",
  • "syncState": "string"
}

Update Application Profile for Assigned User

Updates a user's profile for an application

Authorizations:
path Parameters
appId
required
string
userId
required
string
Request Body schema: application/json
object (AppUserCredentials)
id
string
object
scope
string

Responses

Request samples

Content type
application/json
{
  • "credentials": {
    },
  • "id": "string",
  • "profile": {
    },
  • "scope": "string"
}

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "credentials": {
    },
  • "externalId": "string",
  • "id": "string",
  • "lastSync": "2019-08-24T14:15:22Z",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "passwordChanged": "2019-08-24T14:15:22Z",
  • "profile": {
    },
  • "scope": "string",
  • "status": "string",
  • "statusChanged": "2019-08-24T14:15:22Z",
  • "syncState": "string"
}

AuthorizationServer

listAuthorizationServers

Success

Authorizations:
query Parameters
q
string
limit
string
after
string

Responses

Response samples

Content type
application/json
[
  • {
    }
]

createAuthorizationServer

Success

Authorizations:
Request Body schema: application/json
audiences
Array of strings
object (AuthorizationServerCredentials)
description
string
issuer
string
issuerMode
string
Enum: "ORG_URL" "CUSTOM_URL"
name
string
status
string
Enum: "ACTIVE" "INACTIVE"

Responses

Request samples

Content type
application/json
{
  • "audiences": [
    ],
  • "credentials": {
    },
  • "description": "string",
  • "issuer": "string",
  • "issuerMode": "ORG_URL",
  • "name": "string",
  • "status": "ACTIVE"
}

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "audiences": [
    ],
  • "created": "2019-08-24T14:15:22Z",
  • "credentials": {
    },
  • "description": "string",
  • "id": "string",
  • "issuer": "string",
  • "issuerMode": "ORG_URL",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "status": "ACTIVE"
}

deleteAuthorizationServer

Success

Authorizations:
path Parameters
authServerId
required
string

Responses

getAuthorizationServer

Success

Authorizations:
path Parameters
authServerId
required
string

Responses

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "audiences": [
    ],
  • "created": "2019-08-24T14:15:22Z",
  • "credentials": {
    },
  • "description": "string",
  • "id": "string",
  • "issuer": "string",
  • "issuerMode": "ORG_URL",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "status": "ACTIVE"
}

updateAuthorizationServer

Success

Authorizations:
path Parameters
authServerId
required
string
Request Body schema: application/json
audiences
Array of strings
object (AuthorizationServerCredentials)
description
string
issuer
string
issuerMode
string
Enum: "ORG_URL" "CUSTOM_URL"
name
string
status
string
Enum: "ACTIVE" "INACTIVE"

Responses

Request samples

Content type
application/json
{
  • "audiences": [
    ],
  • "credentials": {
    },
  • "description": "string",
  • "issuer": "string",
  • "issuerMode": "ORG_URL",
  • "name": "string",
  • "status": "ACTIVE"
}

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "audiences": [
    ],
  • "created": "2019-08-24T14:15:22Z",
  • "credentials": {
    },
  • "description": "string",
  • "id": "string",
  • "issuer": "string",
  • "issuerMode": "ORG_URL",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "status": "ACTIVE"
}

listOAuth2Claims

Success

Authorizations:
path Parameters
authServerId
required
string

Responses

Response samples

Content type
application/json
[
  • {
    }
]

createOAuth2Claim

Success

Authorizations:
path Parameters
authServerId
required
string
Request Body schema: application/json
alwaysIncludeInToken
boolean
claimType
string
Enum: "IDENTITY" "RESOURCE"
object (OAuth2ClaimConditions)
group_filter_type
string
Enum: "STARTS_WITH" "EQUALS" "CONTAINS" "REGEX"
name
string
status
string
Enum: "ACTIVE" "INACTIVE"
system
boolean
value
string
valueType
string
Enum: "EXPRESSION" "GROUPS" "SYSTEM"

Responses

Request samples

Content type
application/json
{
  • "alwaysIncludeInToken": true,
  • "claimType": "IDENTITY",
  • "conditions": {
    },
  • "group_filter_type": "STARTS_WITH",
  • "name": "string",
  • "status": "ACTIVE",
  • "system": true,
  • "value": "string",
  • "valueType": "EXPRESSION"
}

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "alwaysIncludeInToken": true,
  • "claimType": "IDENTITY",
  • "conditions": {
    },
  • "group_filter_type": "STARTS_WITH",
  • "id": "string",
  • "name": "string",
  • "status": "ACTIVE",
  • "system": true,
  • "value": "string",
  • "valueType": "EXPRESSION"
}

deleteOAuth2Claim

Success

Authorizations:
path Parameters
authServerId
required
string
claimId
required
string

Responses

getOAuth2Claim

Success

Authorizations:
path Parameters
authServerId
required
string
claimId
required
string

Responses

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "alwaysIncludeInToken": true,
  • "claimType": "IDENTITY",
  • "conditions": {
    },
  • "group_filter_type": "STARTS_WITH",
  • "id": "string",
  • "name": "string",
  • "status": "ACTIVE",
  • "system": true,
  • "value": "string",
  • "valueType": "EXPRESSION"
}

updateOAuth2Claim

Success

Authorizations:
path Parameters
authServerId
required
string
claimId
required
string
Request Body schema: application/json
alwaysIncludeInToken
boolean
claimType
string
Enum: "IDENTITY" "RESOURCE"
object (OAuth2ClaimConditions)
group_filter_type
string
Enum: "STARTS_WITH" "EQUALS" "CONTAINS" "REGEX"
name
string
status
string
Enum: "ACTIVE" "INACTIVE"
system
boolean
value
string
valueType
string
Enum: "EXPRESSION" "GROUPS" "SYSTEM"

Responses

Request samples

Content type
application/json
{
  • "alwaysIncludeInToken": true,
  • "claimType": "IDENTITY",
  • "conditions": {
    },
  • "group_filter_type": "STARTS_WITH",
  • "name": "string",
  • "status": "ACTIVE",
  • "system": true,
  • "value": "string",
  • "valueType": "EXPRESSION"
}

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "alwaysIncludeInToken": true,
  • "claimType": "IDENTITY",
  • "conditions": {
    },
  • "group_filter_type": "STARTS_WITH",
  • "id": "string",
  • "name": "string",
  • "status": "ACTIVE",
  • "system": true,
  • "value": "string",
  • "valueType": "EXPRESSION"
}

listOAuth2ClientsForAuthorizationServer

Success

Authorizations:
path Parameters
authServerId
required
string

Responses

Response samples

Content type
application/json
[
  • {
    }
]

revokeRefreshTokensForAuthorizationServerAndClient

Success

Authorizations:
path Parameters
authServerId
required
string
clientId
required
string

Responses

listRefreshTokensForAuthorizationServerAndClient

Success

Authorizations:
path Parameters
authServerId
required
string
clientId
required
string
query Parameters
expand
string
after
string
limit
integer <int32>
Default: -1

Responses

Response samples

Content type
application/json
[
  • {
    }
]

revokeRefreshTokenForAuthorizationServerAndClient

Success

Authorizations:
path Parameters
authServerId
required
string
clientId
required
string
tokenId
required
string

Responses

getRefreshTokenForAuthorizationServerAndClient

Success

Authorizations:
path Parameters
authServerId
required
string
clientId
required
string
tokenId
required
string
query Parameters
expand
string

Responses

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "clientId": "string",
  • "created": "2019-08-24T14:15:22Z",
  • "createdBy": {
    },
  • "expiresAt": "2019-08-24T14:15:22Z",
  • "id": "string",
  • "issuer": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "scopes": [
    ],
  • "status": "ACTIVE",
  • "userId": "string"
}

listAuthorizationServerKeys

Success

Authorizations:
path Parameters
authServerId
required
string

Responses

Response samples

Content type
application/json
[
  • {
    }
]

rotateAuthorizationServerKeys

Success

Authorizations:
path Parameters
authServerId
required
string
Request Body schema: application/json
use
string
Value: "sig"

Responses

Request samples

Content type
application/json
{
  • "use": "sig"
}

Response samples

Content type
application/json
[
  • {
    }
]

activateAuthorizationServer

Success

Authorizations:
path Parameters
authServerId
required
string

Responses

deactivateAuthorizationServer

Success

Authorizations:
path Parameters
authServerId
required
string

Responses

listAuthorizationServerPolicies

Success

Authorizations:
path Parameters
authServerId
required
string

Responses

Response samples

Content type
application/json
[
  • {
    }
]

createAuthorizationServerPolicy

Success

Authorizations:
path Parameters
authServerId
required
string
Request Body schema: application/json
object (PolicyRuleConditions)
description
string
name
string
priority
integer
status
string
Enum: "ACTIVE" "INACTIVE"
system
boolean
type
string (PolicyType)
Enum: "OAUTH_AUTHORIZATION_POLICY" "OKTA_SIGN_ON" "PASSWORD" "IDP_DISCOVERY"

Responses

Request samples

Content type
application/json
{
  • "conditions": {
    },
  • "description": "string",
  • "name": "string",
  • "priority": 0,
  • "status": "ACTIVE",
  • "system": true,
  • "type": "OAUTH_AUTHORIZATION_POLICY"
}

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "conditions": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "description": "string",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "priority": 0,
  • "status": "ACTIVE",
  • "system": true,
  • "type": "OAUTH_AUTHORIZATION_POLICY"
}

deleteAuthorizationServerPolicy

Success

Authorizations:
path Parameters
authServerId
required
string
policyId
required
string

Responses

getAuthorizationServerPolicy

Success

Authorizations:
path Parameters
authServerId
required
string
policyId
required
string

Responses

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "conditions": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "description": "string",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "priority": 0,
  • "status": "ACTIVE",
  • "system": true,
  • "type": "OAUTH_AUTHORIZATION_POLICY"
}

updateAuthorizationServerPolicy

Success

Authorizations:
path Parameters
authServerId
required
string
policyId
required
string
Request Body schema: application/json
object (PolicyRuleConditions)
description
string
name
string
priority
integer
status
string
Enum: "ACTIVE" "INACTIVE"
system
boolean
type
string (PolicyType)
Enum: "OAUTH_AUTHORIZATION_POLICY" "OKTA_SIGN_ON" "PASSWORD" "IDP_DISCOVERY"

Responses

Request samples

Content type
application/json
{
  • "conditions": {
    },
  • "description": "string",
  • "name": "string",
  • "priority": 0,
  • "status": "ACTIVE",
  • "system": true,
  • "type": "OAUTH_AUTHORIZATION_POLICY"
}

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "conditions": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "description": "string",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "priority": 0,
  • "status": "ACTIVE",
  • "system": true,
  • "type": "OAUTH_AUTHORIZATION_POLICY"
}

activateAuthorizationServerPolicy

Activate Authorization Server Policy

Authorizations:
path Parameters
authServerId
required
string
policyId
required
string

Responses

deactivateAuthorizationServerPolicy

Deactivate Authorization Server Policy

Authorizations:
path Parameters
authServerId
required
string
policyId
required
string

Responses

listAuthorizationServerPolicyRules

Enumerates all policy rules for the specified Custom Authorization Server and Policy.

Authorizations:
path Parameters
policyId
required
string
authServerId
required
string

Responses

Response samples

Content type
application/json
[
  • {
    }
]

createAuthorizationServerPolicyRule

Creates a policy rule for the specified Custom Authorization Server and Policy.

Authorizations:
path Parameters
policyId
required
string
authServerId
required
string
Request Body schema: application/json
object (AuthorizationServerPolicyRuleActions)
object (AuthorizationServerPolicyRuleConditions)
name
string
priority
integer
status
string
Default: "ACTIVE"
Enum: "ACTIVE" "INACTIVE"
system
boolean
Default: false
type
string
Value: "RESOURCE_ACCESS"

Responses

Request samples

Content type
application/json
{
  • "actions": {
    },
  • "conditions": {
    },
  • "name": "string",
  • "priority": 0,
  • "status": "ACTIVE",
  • "system": false,
  • "type": "RESOURCE_ACCESS"
}

Response samples

Content type
application/json
{
  • "actions": {
    },
  • "conditions": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "priority": 0,
  • "status": "ACTIVE",
  • "system": false,
  • "type": "RESOURCE_ACCESS"
}

deleteAuthorizationServerPolicyRule

Deletes a Policy Rule defined in the specified Custom Authorization Server and Policy.

Authorizations:
path Parameters
policyId
required
string
authServerId
required
string
ruleId
required
string

Responses

getAuthorizationServerPolicyRule

Returns a Policy Rule by ID that is defined in the specified Custom Authorization Server and Policy.

Authorizations:
path Parameters
policyId
required
string
authServerId
required
string
ruleId
required
string

Responses

Response samples

Content type
application/json
{
  • "actions": {
    },
  • "conditions": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "priority": 0,
  • "status": "ACTIVE",
  • "system": false,
  • "type": "RESOURCE_ACCESS"
}

updateAuthorizationServerPolicyRule

Updates the configuration of the Policy Rule defined in the specified Custom Authorization Server and Policy.

Authorizations:
path Parameters
policyId
required
string
authServerId
required
string
ruleId
required
string
Request Body schema: application/json
object (AuthorizationServerPolicyRuleActions)
object (AuthorizationServerPolicyRuleConditions)
name
string
priority
integer
status
string
Default: "ACTIVE"
Enum: "ACTIVE" "INACTIVE"
system
boolean
Default: false
type
string
Value: "RESOURCE_ACCESS"

Responses

Request samples

Content type
application/json
{
  • "actions": {
    },
  • "conditions": {
    },
  • "name": "string",
  • "priority": 0,
  • "status": "ACTIVE",
  • "system": false,
  • "type": "RESOURCE_ACCESS"
}

Response samples

Content type
application/json
{
  • "actions": {
    },
  • "conditions": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "priority": 0,
  • "status": "ACTIVE",
  • "system": false,
  • "type": "RESOURCE_ACCESS"
}

activateAuthorizationServerPolicyRule

Activate Authorization Server Policy Rule

Authorizations:
path Parameters
authServerId
required
string
policyId
required
string
ruleId
required
string

Responses

deactivateAuthorizationServerPolicyRule

Deactivate Authorization Server Policy Rule

Authorizations:
path Parameters
authServerId
required
string
policyId
required
string
ruleId
required
string

Responses

listOAuth2Scopes

Success

Authorizations:
path Parameters
authServerId
required
string
query Parameters
q
string
filter
string
cursor
string
limit
integer <int32>
Default: -1

Responses

Response samples

Content type
application/json
[
  • {
    }
]

createOAuth2Scope

Success

Authorizations:
path Parameters
authServerId
required
string
Request Body schema: application/json
consent
string
Enum: "REQUIRED" "IMPLICIT" "ADMIN"
default
boolean
description
string
displayName
string
metadataPublish
string
Enum: "ALL_CLIENTS" "NO_CLIENTS"
name
string
system
boolean

Responses

Request samples

Content type
application/json
{
  • "consent": "REQUIRED",
  • "default": true,
  • "description": "string",
  • "displayName": "string",
  • "metadataPublish": "ALL_CLIENTS",
  • "name": "string",
  • "system": true
}

Response samples

Content type
application/json
{
  • "consent": "REQUIRED",
  • "default": true,
  • "description": "string",
  • "displayName": "string",
  • "id": "string",
  • "metadataPublish": "ALL_CLIENTS",
  • "name": "string",
  • "system": true
}

deleteOAuth2Scope

Success

Authorizations:
path Parameters
authServerId
required
string
scopeId
required
string

Responses

getOAuth2Scope

Success

Authorizations:
path Parameters
authServerId
required
string
scopeId
required
string

Responses

Response samples

Content type
application/json
{
  • "consent": "REQUIRED",
  • "default": true,
  • "description": "string",
  • "displayName": "string",
  • "id": "string",
  • "metadataPublish": "ALL_CLIENTS",
  • "name": "string",
  • "system": true
}

updateOAuth2Scope

Success

Authorizations:
path Parameters
authServerId
required
string
scopeId
required
string
Request Body schema: application/json
consent
string
Enum: "REQUIRED" "IMPLICIT" "ADMIN"
default
boolean
description
string
displayName
string
metadataPublish
string
Enum: "ALL_CLIENTS" "NO_CLIENTS"
name
string
system
boolean

Responses

Request samples

Content type
application/json
{
  • "consent": "REQUIRED",
  • "default": true,
  • "description": "string",
  • "displayName": "string",
  • "metadataPublish": "ALL_CLIENTS",
  • "name": "string",
  • "system": true
}

Response samples

Content type
application/json
{
  • "consent": "REQUIRED",
  • "default": true,
  • "description": "string",
  • "displayName": "string",
  • "id": "string",
  • "metadataPublish": "ALL_CLIENTS",
  • "name": "string",
  • "system": true
}

EventHook

listEventHooks

Success

Authorizations:

Responses

Response samples

Content type
application/json
[
  • {
    }
]

createEventHook

Success

Authorizations:
Request Body schema: application/json
object (EventHookChannel)
createdBy
string
object (EventSubscriptions)
name
string
status
string
Enum: "ACTIVE" "INACTIVE"
verificationStatus
string
Enum: "UNVERIFIED" "VERIFIED"

Responses

Request samples

Content type
application/json
{
  • "channel": {
    },
  • "createdBy": "string",
  • "events": {
    },
  • "name": "string",
  • "status": "ACTIVE",
  • "verificationStatus": "UNVERIFIED"
}

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "channel": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "createdBy": "string",
  • "events": {
    },
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "status": "ACTIVE",
  • "verificationStatus": "UNVERIFIED"
}

deleteEventHook

Success

Authorizations:
path Parameters
eventHookId
required
string

Responses

getEventHook

Success

Authorizations:
path Parameters
eventHookId
required
string

Responses

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "channel": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "createdBy": "string",
  • "events": {
    },
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "status": "ACTIVE",
  • "verificationStatus": "UNVERIFIED"
}

updateEventHook

Success

Authorizations:
path Parameters
eventHookId
required
string
Request Body schema: application/json
object (EventHookChannel)
createdBy
string
object (EventSubscriptions)
name
string
status
string
Enum: "ACTIVE" "INACTIVE"
verificationStatus
string
Enum: "UNVERIFIED" "VERIFIED"

Responses

Request samples

Content type
application/json
{
  • "channel": {
    },
  • "createdBy": "string",
  • "events": {
    },
  • "name": "string",
  • "status": "ACTIVE",
  • "verificationStatus": "UNVERIFIED"
}

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "channel": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "createdBy": "string",
  • "events": {
    },
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "status": "ACTIVE",
  • "verificationStatus": "UNVERIFIED"
}

activateEventHook

Success

Authorizations:
path Parameters
eventHookId
required
string

Responses

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "channel": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "createdBy": "string",
  • "events": {
    },
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "status": "ACTIVE",
  • "verificationStatus": "UNVERIFIED"
}

deactivateEventHook

Success

Authorizations:
path Parameters
eventHookId
required
string

Responses

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "channel": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "createdBy": "string",
  • "events": {
    },
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "status": "ACTIVE",
  • "verificationStatus": "UNVERIFIED"
}

verifyEventHook

Success

Authorizations:
path Parameters
eventHookId
required
string

Responses

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "channel": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "createdBy": "string",
  • "events": {
    },
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "status": "ACTIVE",
  • "verificationStatus": "UNVERIFIED"
}

Feature

listFeatures

Success

Authorizations:

Responses

Response samples

Content type
application/json
[
  • {
    }
]

getFeature

Success

Authorizations:
path Parameters
featureId
required
string

Responses

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "description": "string",
  • "id": "string",
  • "name": "string",
  • "stage": {
    },
  • "status": "ENABLED",
  • "type": "self-service"
}

listFeatureDependencies

Success

Authorizations:
path Parameters
featureId
required
string

Responses

Response samples

Content type
application/json
[
  • {
    }
]

listFeatureDependents

Success

Authorizations:
path Parameters
featureId
required
string

Responses

Response samples

Content type
application/json
[
  • {
    }
]

updateFeatureLifecycle

Success

Authorizations:
path Parameters
featureId
required
string
lifecycle
required
string
query Parameters
mode
string

Responses

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "description": "string",
  • "id": "string",
  • "name": "string",
  • "stage": {
    },
  • "status": "ENABLED",
  • "type": "self-service"
}

Group

List Groups

Enumerates groups in your organization with pagination. A subset of groups can be returned that match a supported filter expression or query.

Authorizations:
query Parameters
q
string

Searches the name property of groups for matching value

filter
string

Filter expression for groups

after
string

Specifies the pagination cursor for the next page of groups

limit
integer <int32>
Default: 10000

Specifies the number of group results in a page

expand
string

If specified, it causes additional metadata to be included in the response.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Add Group

Adds a new group with OKTA_GROUP type to your organization.

Authorizations:
Request Body schema: application/json
object (GroupProfile)
type
string (GroupType)
Enum: "OKTA_GROUP" "APP_GROUP" "BUILT_IN"

Responses

Request samples

Content type
application/json
{
  • "profile": {
    },
  • "type": "OKTA_GROUP"
}

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "id": "string",
  • "lastMembershipUpdated": "2019-08-24T14:15:22Z",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "objectClass": [
    ],
  • "profile": {
    },
  • "type": "OKTA_GROUP"
}

List Group Rules

Lists all group rules for your organization.

Authorizations:
query Parameters
limit
integer <int32>
Default: 50

Specifies the number of rule results in a page

after
string

Specifies the pagination cursor for the next page of rules

search
string

Specifies the keyword to search fules for

expand
string

If specified as groupIdToGroupNameMap, then show group names

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Create Group Rule

Creates a group rule to dynamically add users to the specified group if they match the condition

Authorizations:
Request Body schema: application/json
object (GroupRuleAction)
object (GroupRuleConditions)
name
string
status
string (GroupRuleStatus)
Enum: "ACTIVE" "INACTIVE" "INVALID"
type
string

Responses

Request samples

Content type
application/json
{
  • "actions": {
    },
  • "conditions": {
    },
  • "name": "string",
  • "status": "ACTIVE",
  • "type": "string"
}

Response samples

Content type
application/json
{
  • "actions": {
    },
  • "conditions": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "status": "ACTIVE",
  • "type": "string"
}

Delete a group Rule

Removes a specific group rule by id from your organization

Authorizations:
path Parameters
ruleId
required
string

Responses

Get Group Rule

Fetches a specific group rule by id from your organization

Authorizations:
path Parameters
ruleId
required
string
query Parameters
expand
string

Responses

Response samples

Content type
application/json
{
  • "actions": {
    },
  • "conditions": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "status": "ACTIVE",
  • "type": "string"
}

updateGroupRule

Updates a group rule. Only INACTIVE rules can be updated.

Authorizations:
path Parameters
ruleId
required
string
Request Body schema: application/json
object (GroupRuleAction)
object (GroupRuleConditions)
name
string
status
string (GroupRuleStatus)
Enum: "ACTIVE" "INACTIVE" "INVALID"
type
string

Responses

Request samples

Content type
application/json
{
  • "actions": {
    },
  • "conditions": {
    },
  • "name": "string",
  • "status": "ACTIVE",
  • "type": "string"
}

Response samples

Content type
application/json
{
  • "actions": {
    },
  • "conditions": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "status": "ACTIVE",
  • "type": "string"
}

Activate a group Rule

Activates a specific group rule by id from your organization

Authorizations:
path Parameters
ruleId
required
string

Responses

Deactivate a group Rule

Deactivates a specific group rule by id from your organization

Authorizations:
path Parameters
ruleId
required
string

Responses

Remove Group

Removes a group with OKTA_GROUP type from your organization.

Authorizations:
path Parameters
groupId
required
string

Responses

List Group Rules

Lists all group rules for your organization.

Authorizations:
path Parameters
groupId
required
string

Responses

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "id": "string",
  • "lastMembershipUpdated": "2019-08-24T14:15:22Z",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "objectClass": [
    ],
  • "profile": {
    },
  • "type": "OKTA_GROUP"
}

Update Group

Updates the profile for a group with OKTA_GROUP type from your organization.

Authorizations:
path Parameters
groupId
required
string
Request Body schema: application/json
object (GroupProfile)
type
string (GroupType)
Enum: "OKTA_GROUP" "APP_GROUP" "BUILT_IN"

Responses

Request samples

Content type
application/json
{
  • "profile": {
    },
  • "type": "OKTA_GROUP"
}

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "id": "string",
  • "lastMembershipUpdated": "2019-08-24T14:15:22Z",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "objectClass": [
    ],
  • "profile": {
    },
  • "type": "OKTA_GROUP"
}

List Assigned Applications

Enumerates all applications that are assigned to a group.

Authorizations:
path Parameters
groupId
required
string
query Parameters
after
string

Specifies the pagination cursor for the next page of apps

limit
integer <int32>
Default: 20

Specifies the number of app results for a page

Responses

Response samples

Content type
application/json
[
  • {
    }
]

listGroupAssignedRoles

Success

Authorizations:
path Parameters
groupId
required
string
query Parameters
expand
string

Responses

Response samples

Content type
application/json
[
  • {
    }
]

assignRoleToGroup

Assigns a Role to a Group

Authorizations:
path Parameters
groupId
required
string
query Parameters
disableNotifications
string
Request Body schema: application/json
type
string (RoleType)
Enum: "SUPER_ADMIN" "ORG_ADMIN" "APP_ADMIN" "USER_ADMIN" "HELP_DESK_ADMIN" "READ_ONLY_ADMIN" "MOBILE_ADMIN" "API_ACCESS_MANAGEMENT_ADMIN" "REPORT_ADMIN"

Responses

Request samples

Content type
application/json
{
  • "type": "SUPER_ADMIN"
}

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "assignmentType": "GROUP",
  • "created": "2019-08-24T14:15:22Z",
  • "description": "string",
  • "id": "string",
  • "label": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "status": "ACTIVE",
  • "type": "SUPER_ADMIN"
}

removeRoleFromGroup

Unassigns a Role from a Group

Authorizations:
path Parameters
groupId
required
string
roleId
required
string

Responses

getRole

Success

Authorizations:
path Parameters
groupId
required
string
roleId
required
string

Responses

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "assignmentType": "GROUP",
  • "created": "2019-08-24T14:15:22Z",
  • "description": "string",
  • "id": "string",
  • "label": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "status": "ACTIVE",
  • "type": "SUPER_ADMIN"
}

listApplicationTargetsForApplicationAdministratorRoleForGroup

Lists all App targets for an APP_ADMIN Role assigned to a Group. This methods return list may include full Applications or Instances. The response for an instance will have an ID value, while Application will not have an ID.

Authorizations:
path Parameters
groupId
required
string
roleId
required
string
query Parameters
after
string
limit
integer <int32>
Default: 20

Responses

Response samples

Content type
application/json
[
  • {
    }
]

removeApplicationTargetFromApplicationAdministratorRoleGivenToGroup

Success

Authorizations:
path Parameters
groupId
required
string
roleId
required
string
appName
required
string

Responses

addApplicationTargetToAdminRoleGivenToGroup

Success

Authorizations:
path Parameters
groupId
required
string
roleId
required
string
appName
required
string

Responses

Remove App Instance Target to App Administrator Role given to a Group

Remove App Instance Target to App Administrator Role given to a Group

Authorizations:
path Parameters
groupId
required
string
roleId
required
string
appName
required
string
applicationId
required
string

Responses

Add App Instance Target to App Administrator Role given to a Group

Add App Instance Target to App Administrator Role given to a Group

Authorizations:
path Parameters
groupId
required
string
roleId
required
string
appName
required
string
applicationId
required
string

Responses

listGroupTargetsForGroupRole

Success

Authorizations:
path Parameters
groupId
required
string
roleId
required
string
query Parameters
after
string
limit
integer <int32>
Default: 20

Responses

Response samples

Content type
application/json
[
  • {
    }
]

removeGroupTargetFromGroupAdministratorRoleGivenToGroup

Authorizations:
path Parameters
groupId
required
string
roleId
required
string
targetGroupId
required
string

Responses

addGroupTargetToGroupAdministratorRoleForGroup

Authorizations:
path Parameters
groupId
required
string
roleId
required
string
targetGroupId
required
string

Responses

List Group Members

Enumerates all users that are a member of a group.

Authorizations:
path Parameters
groupId
required
string
query Parameters
after
string

Specifies the pagination cursor for the next page of users

limit
integer <int32>
Default: 1000

Specifies the number of user results in a page

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Remove User from Group

Removes a user from a group with 'OKTA_GROUP' type.

Authorizations:
path Parameters
groupId
required
string
userId
required
string

Responses

Add User to Group

Adds a user to a group with 'OKTA_GROUP' type.

Authorizations:
path Parameters
groupId
required
string
userId
required
string

Responses

IdentityProvider

List Identity Providers

Enumerates IdPs in your organization with pagination. A subset of IdPs can be returned that match a supported filter expression or query.

Authorizations:
query Parameters
q
string

Searches the name property of IdPs for matching value

after
string

Specifies the pagination cursor for the next page of IdPs

limit
integer <int32>
Default: 20

Specifies the number of IdP results in a page

type
string

Filters IdPs by type

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Add Identity Provider

Adds a new IdP to your organization.

Authorizations:
Request Body schema: application/json
issuerMode
string
Enum: "ORG_URL" "CUSTOM_URL_DOMAIN"
name
string
object (IdentityProviderPolicy)
object (Protocol)
status
string
Enum: "ACTIVE" "INACTIVE"
type
string
Enum: "SAML2" "GOOGLE" "FACEBOOK" "LINKEDIN" "MICROSOFT" "OIDC" "OKTA" "IWA" "AgentlessDSSO" "X509"

Responses

Request samples

Content type
application/json
{
  • "issuerMode": "ORG_URL",
  • "name": "string",
  • "policy": {
    },
  • "protocol": {
    },
  • "status": "ACTIVE",
  • "type": "SAML2"
}

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "id": "string",
  • "issuerMode": "ORG_URL",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "policy": {
    },
  • "protocol": {
    },
  • "status": "ACTIVE",
  • "type": "SAML2"
}

List Keys

Enumerates IdP key credentials.

Authorizations:
query Parameters
after
string

Specifies the pagination cursor for the next page of keys

limit
integer <int32>
Default: 20

Specifies the number of key results in a page

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Add X.509 Certificate Public Key

Adds a new X.509 certificate credential to the IdP key store.

Authorizations:
Request Body schema: application/json
alg
string
created
string <date-time>
e
string
expiresAt
string <date-time>
key_ops
Array of strings
kid
string
kty
string
lastUpdated
string <date-time>
n
string
status
string
use
string
x5c
Array of strings
x5t
string
x5t#S256
string
x5u
string

Responses

Request samples

Content type
application/json
{
  • "alg": "string",
  • "created": "2019-08-24T14:15:22Z",
  • "e": "string",
  • "expiresAt": "2019-08-24T14:15:22Z",
  • "key_ops": [
    ],
  • "kid": "string",
  • "kty": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "n": "string",
  • "status": "string",
  • "use": "string",
  • "x5c": [
    ],
  • "x5t": "string",
  • "x5t#S256": "string",
  • "x5u": "string"
}

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "alg": "string",
  • "created": "2019-08-24T14:15:22Z",
  • "e": "string",
  • "expiresAt": "2019-08-24T14:15:22Z",
  • "key_ops": [
    ],
  • "kid": "string",
  • "kty": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "n": "string",
  • "status": "string",
  • "use": "string",
  • "x5c": [
    ],
  • "x5t": "string",
  • "x5t#S256": "string",
  • "x5u": "string"
}

Delete Key

Deletes a specific IdP Key Credential by kid if it is not currently being used by an Active or Inactive IdP.

Authorizations:
path Parameters
keyId
required
string

Responses

Get Key

Gets a specific IdP Key Credential by kid

Authorizations:
path Parameters
keyId
required
string

Responses

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "alg": "string",
  • "created": "2019-08-24T14:15:22Z",
  • "e": "string",
  • "expiresAt": "2019-08-24T14:15:22Z",
  • "key_ops": [
    ],
  • "kid": "string",
  • "kty": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "n": "string",
  • "status": "string",
  • "use": "string",
  • "x5c": [
    ],
  • "x5t": "string",
  • "x5t#S256": "string",
  • "x5u": "string"
}

Delete Identity Provider

Removes an IdP from your organization.

Authorizations:
path Parameters
idpId
required
string

Responses

Get Identity Provider

Fetches an IdP by id.

Authorizations:
path Parameters
idpId
required
string

Responses

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "id": "string",
  • "issuerMode": "ORG_URL",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "policy": {
    },
  • "protocol": {
    },
  • "status": "ACTIVE",
  • "type": "SAML2"
}

Update Identity Provider

Updates the configuration for an IdP.

Authorizations:
path Parameters
idpId
required
string
Request Body schema: application/json
issuerMode
string
Enum: "ORG_URL" "CUSTOM_URL_DOMAIN"
name
string
object (IdentityProviderPolicy)
object (Protocol)
status
string
Enum: "ACTIVE" "INACTIVE"
type
string
Enum: "SAML2" "GOOGLE" "FACEBOOK" "LINKEDIN" "MICROSOFT" "OIDC" "OKTA" "IWA" "AgentlessDSSO" "X509"

Responses

Request samples

Content type
application/json
{
  • "issuerMode": "ORG_URL",
  • "name": "string",
  • "policy": {
    },
  • "protocol": {
    },
  • "status": "ACTIVE",
  • "type": "SAML2"
}

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "id": "string",
  • "issuerMode": "ORG_URL",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "policy": {
    },
  • "protocol": {
    },
  • "status": "ACTIVE",
  • "type": "SAML2"
}

List Certificate Signing Requests for IdP

Enumerates Certificate Signing Requests for an IdP

Authorizations:
path Parameters
idpId
required
string

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Generate Certificate Signing Request for IdP

Generates a new key pair and returns a Certificate Signing Request for it.

Authorizations:
path Parameters
idpId
required
string
Request Body schema: application/json
object (CsrMetadataSubject)
object (CsrMetadataSubjectAltNames)

Responses

Request samples

Content type
application/json
{
  • "subject": {
    },
  • "subjectAltNames": {
    }
}

Response samples

Content type
application/json
{
  • "created": "2019-08-24T14:15:22Z",
  • "csr": "string",
  • "id": "string",
  • "kty": "string"
}

revokeCsrForIdentityProvider

Revoke a Certificate Signing Request and delete the key pair from the IdP

Authorizations:
path Parameters
idpId
required
string
csrId
required
string

Responses

getCsrForIdentityProvider

Gets a specific Certificate Signing Request model by id

Authorizations:
path Parameters
idpId
required
string
csrId
required
string

Responses

Response samples

Content type
application/json
{
  • "created": "2019-08-24T14:15:22Z",
  • "csr": "string",
  • "id": "string",
  • "kty": "string"
}

Update the Certificate Signing Request with a sign

Update the Certificate Signing Request with a signed X.509 certificate and add it into the signing key credentials for the IdP.

Authorizations:
path Parameters
idpId
required
string
csrId
required
string

Responses

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "alg": "string",
  • "created": "2019-08-24T14:15:22Z",
  • "e": "string",
  • "expiresAt": "2019-08-24T14:15:22Z",
  • "key_ops": [
    ],
  • "kid": "string",
  • "kty": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "n": "string",
  • "status": "string",
  • "use": "string",
  • "x5c": [
    ],
  • "x5t": "string",
  • "x5t#S256": "string",
  • "x5u": "string"
}

List Signing Key Credentials for IdP

Enumerates signing key credentials for an IdP

Authorizations:
path Parameters
idpId
required
string

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Generate New IdP Signing Key Credential

Generates a new X.509 certificate for an IdP signing key credential to be used for signing assertions sent to the IdP

Authorizations:
path Parameters
idpId
required
string
query Parameters
validityYears
required
integer <int32>

expiry of the IdP Key Credential

Responses

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "alg": "string",
  • "created": "2019-08-24T14:15:22Z",
  • "e": "string",
  • "expiresAt": "2019-08-24T14:15:22Z",
  • "key_ops": [
    ],
  • "kid": "string",
  • "kty": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "n": "string",
  • "status": "string",
  • "use": "string",
  • "x5c": [
    ],
  • "x5t": "string",
  • "x5t#S256": "string",
  • "x5u": "string"
}

Get Signing Key Credential for IdP

Gets a specific IdP Key Credential by kid

Authorizations:
path Parameters
idpId
required
string
keyId
required
string

Responses

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "alg": "string",
  • "created": "2019-08-24T14:15:22Z",
  • "e": "string",
  • "expiresAt": "2019-08-24T14:15:22Z",
  • "key_ops": [
    ],
  • "kid": "string",
  • "kty": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "n": "string",
  • "status": "string",
  • "use": "string",
  • "x5c": [
    ],
  • "x5t": "string",
  • "x5t#S256": "string",
  • "x5u": "string"
}

Clone Signing Key Credential for IdP

Clones a X.509 certificate for an IdP signing key credential from a source IdP to target IdP

Authorizations:
path Parameters
idpId
required
string
keyId
required
string
query Parameters
targetIdpId
required
string

Responses

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "alg": "string",
  • "created": "2019-08-24T14:15:22Z",
  • "e": "string",
  • "expiresAt": "2019-08-24T14:15:22Z",
  • "key_ops": [
    ],
  • "kid": "string",
  • "kty": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "n": "string",
  • "status": "string",
  • "use": "string",
  • "x5c": [
    ],
  • "x5t": "string",
  • "x5t#S256": "string",
  • "x5u": "string"
}

Activate Identity Provider

Activates an inactive IdP.

Authorizations:
path Parameters
idpId
required
string

Responses

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "id": "string",
  • "issuerMode": "ORG_URL",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "policy": {
    },
  • "protocol": {
    },
  • "status": "ACTIVE",
  • "type": "SAML2"
}

Deactivate Identity Provider

Deactivates an active IdP.

Authorizations:
path Parameters
idpId
required
string

Responses

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "id": "string",
  • "issuerMode": "ORG_URL",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "policy": {
    },
  • "protocol": {
    },
  • "status": "ACTIVE",
  • "type": "SAML2"
}

Find Users

Find all the users linked to an identity provider

Authorizations:
path Parameters
idpId
required
string

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Unlink User from IdP

Removes the link between the Okta user and the IdP user.

Authorizations:
path Parameters
idpId
required
string
userId
required
string

Responses

getIdentityProviderApplicationUser

Fetches a linked IdP user by ID

Authorizations:
path Parameters
idpId
required
string
userId
required
string

Responses

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "created": "string",
  • "externalId": "string",
  • "id": "string",
  • "lastUpdated": "string",
  • "profile": {
    }
}

Link a user to a Social IdP without a transaction

Links an Okta user to an existing Social Identity Provider. This does not support the SAML2 Identity Provider Type

Authorizations:
path Parameters
idpId
required
string
userId
required
string
Request Body schema: application/json
externalId
string

Responses

Request samples

Content type
application/json
{
  • "externalId": "string"
}

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "created": "string",
  • "externalId": "string",
  • "id": "string",
  • "lastUpdated": "string",
  • "profile": {
    }
}

Social Authentication Token Operation

Fetches the tokens minted by the Social Authentication Provider when the user authenticates with Okta via Social Auth.

Authorizations:
path Parameters
idpId
required
string
userId
required
string

Responses

Response samples

Content type
application/json
[
  • {
    }
]

InlineHook

listInlineHooks

Success

Authorizations:
query Parameters
type
string

Responses

Response samples

Content type
application/json
[
  • {
    }
]

createInlineHook

Success

Authorizations:
Request Body schema: application/json
object (InlineHookChannel)
name
string
status
string (InlineHookStatus)
Enum: "ACTIVE" "INACTIVE"
type
string (InlineHookType)
Enum: "com.okta.oauth2.tokens.transform" "com.okta.import.transform" "com.okta.saml.tokens.transform" "com.okta.user.pre-registration" "com.okta.user.credential.password.import"
version
string

Responses

Request samples

Content type
application/json
{
  • "channel": {
    },
  • "name": "string",
  • "status": "ACTIVE",
  • "type": "com.okta.oauth2.tokens.transform",
  • "version": "string"
}

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "channel": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "status": "ACTIVE",
  • "type": "com.okta.oauth2.tokens.transform",
  • "version": "string"
}

deleteInlineHook

Deletes the Inline Hook matching the provided id. Once deleted, the Inline Hook is unrecoverable. As a safety precaution, only Inline Hooks with a status of INACTIVE are eligible for deletion.

Authorizations:
path Parameters
inlineHookId
required
string

Responses

getInlineHook

Gets an inline hook by ID

Authorizations:
path Parameters
inlineHookId
required
string

Responses

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "channel": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "status": "ACTIVE",
  • "type": "com.okta.oauth2.tokens.transform",
  • "version": "string"
}

updateInlineHook

Updates an inline hook by ID

Authorizations:
path Parameters
inlineHookId
required
string
Request Body schema: application/json
object (InlineHookChannel)
name
string
status
string (InlineHookStatus)
Enum: "ACTIVE" "INACTIVE"
type
string (InlineHookType)
Enum: "com.okta.oauth2.tokens.transform" "com.okta.import.transform" "com.okta.saml.tokens.transform" "com.okta.user.pre-registration" "com.okta.user.credential.password.import"
version
string

Responses

Request samples

Content type
application/json
{
  • "channel": {
    },
  • "name": "string",
  • "status": "ACTIVE",
  • "type": "com.okta.oauth2.tokens.transform",
  • "version": "string"
}

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "channel": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "status": "ACTIVE",
  • "type": "com.okta.oauth2.tokens.transform",
  • "version": "string"
}

executeInlineHook

Executes the Inline Hook matching the provided inlineHookId using the request body as the input. This will send the provided data through the Channel and return a response if it matches the correct data contract. This execution endpoint should only be used for testing purposes.

Authorizations:
path Parameters
inlineHookId
required
string
Request Body schema: application/json
object (InlineHookPayload)

Responses

Request samples

Content type
application/json
{ }

Response samples

Content type
application/json
{
  • "commands": [
    ]
}

activateInlineHook

Activates the Inline Hook matching the provided id

Authorizations:
path Parameters
inlineHookId
required
string

Responses

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "channel": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "status": "ACTIVE",
  • "type": "com.okta.oauth2.tokens.transform",
  • "version": "string"
}

deactivateInlineHook

Deactivates the Inline Hook matching the provided id

Authorizations:
path Parameters
inlineHookId
required
string

Responses

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "channel": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "status": "ACTIVE",
  • "type": "com.okta.oauth2.tokens.transform",
  • "version": "string"
}

Log

Fetch a list of events from your Okta organization system log.

The Okta System Log API provides read access to your organization’s system log. This API provides more functionality than the Events API

Authorizations:
query Parameters
since
string <date-time>
until
string <date-time>
filter
string
q
string
limit
integer
Default: 100
sortOrder
string
Default: "ASCENDING"
after
string

Responses

Response samples

Content type
application/json
[
  • {
    }
]

ProfileMapping

listProfileMappings

Enumerates Profile Mappings in your organization with pagination.

Authorizations:
query Parameters
after
string
limit
integer <int32>
Default: -1
sourceId
string
targetId
string
Default: ""

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Get Profile Mapping

Fetches a single Profile Mapping referenced by its ID.

Authorizations:
path Parameters
mappingId
required
string

Responses

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "id": "string",
  • "properties": {
    },
  • "source": {
    },
  • "target": {
    }
}

Update Profile Mapping

Updates an existing Profile Mapping by adding, updating, or removing one or many Property Mappings.

Authorizations:
path Parameters
mappingId
required
string
Request Body schema: application/json
object (ProfileMappingSource)
object (ProfileMappingSource)

Responses

Request samples

Content type
application/json
{
  • "source": { },
  • "target": { }
}

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "id": "string",
  • "properties": {
    },
  • "source": {
    },
  • "target": {
    }
}

UserSchema

Fetches the Schema for an App User

Fetches the Schema for an App User

Authorizations:
path Parameters
appInstanceId
required
string

Responses

Response samples

Content type
application/json
{
  • "$schema": "string",
  • "_links": {
    },
  • "created": "string",
  • "definitions": {
    },
  • "id": "string",
  • "lastUpdated": "string",
  • "name": "string",
  • "properties": {
    },
  • "title": "string",
  • "type": "string"
}

Partial updates on the User Profile properties of the Application User Schema.

Partial updates on the User Profile properties of the Application User Schema.

Authorizations:
path Parameters
appInstanceId
required
string
Request Body schema: application/json
object (UserSchemaDefinitions)
title
string

Responses

Request samples

Content type
application/json
{
  • "definitions": {
    },
  • "title": "string"
}

Response samples

Content type
application/json
{
  • "$schema": "string",
  • "_links": {
    },
  • "created": "string",
  • "definitions": {
    },
  • "id": "string",
  • "lastUpdated": "string",
  • "name": "string",
  • "properties": {
    },
  • "title": "string",
  • "type": "string"
}

Fetches the schema for a Schema Id.

Fetches the schema for a Schema Id.

Authorizations:
path Parameters
schemaId
required
string

Responses

Response samples

Content type
application/json
{
  • "$schema": "string",
  • "_links": {
    },
  • "created": "string",
  • "definitions": {
    },
  • "id": "string",
  • "lastUpdated": "string",
  • "name": "string",
  • "properties": {
    },
  • "title": "string",
  • "type": "string"
}

updateUserProfile

Partial updates on the User Profile properties of the user schema.

Authorizations:
path Parameters
schemaId
required
string
Request Body schema: application/json
object (UserSchemaDefinitions)
title
string

Responses

Request samples

Content type
application/json
{
  • "definitions": {
    },
  • "title": "string"
}

Response samples

Content type
application/json
{
  • "$schema": "string",
  • "_links": {
    },
  • "created": "string",
  • "definitions": {
    },
  • "id": "string",
  • "lastUpdated": "string",
  • "name": "string",
  • "properties": {
    },
  • "title": "string",
  • "type": "string"
}

LinkedObject

listLinkedObjectDefinitions

Success

Authorizations:

Responses

Response samples

Content type
application/json
[
  • {
    }
]

addLinkedObjectDefinition

Success

Authorizations:
Request Body schema: application/json
object (LinkedObjectDetails)
object (LinkedObjectDetails)

Responses

Request samples

Content type
application/json
{
  • "associated": {
    },
  • "primary": {
    }
}

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "associated": {
    },
  • "primary": {
    }
}

deleteLinkedObjectDefinition

Success

Authorizations:
path Parameters
linkedObjectName
required
string

Responses

getLinkedObjectDefinition

Success

Authorizations:
path Parameters
linkedObjectName
required
string

Responses

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "associated": {
    },
  • "primary": {
    }
}

UserType

listUserTypes

Fetches all User Types in your org

Authorizations:

Responses

Response samples

Content type
application/json
[
  • {
    }
]

createUserType

Creates a new User Type. A default User Type is automatically created along with your org, and you may add another 9 User Types for a maximum of 10.

Authorizations:
Request Body schema: application/json
description
string
displayName
string
id
string
name
string

Responses

Request samples

Content type
application/json
{
  • "description": "string",
  • "displayName": "string",
  • "id": "string",
  • "name": "string"
}

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "createdBy": "string",
  • "default": true,
  • "description": "string",
  • "displayName": "string",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "lastUpdatedBy": "string",
  • "name": "string"
}

deleteUserType

Deletes a User Type permanently. This operation is not permitted for the default type, nor for any User Type that has existing users

Authorizations:
path Parameters
typeId
required
string

Responses

getUserType

Fetches a User Type by ID. The special identifier default may be used to fetch the default User Type.

Authorizations:
path Parameters
typeId
required
string

Responses

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "createdBy": "string",
  • "default": true,
  • "description": "string",
  • "displayName": "string",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "lastUpdatedBy": "string",
  • "name": "string"
}

updateUserType

Updates an existing User Type

Authorizations:
path Parameters
typeId
required
string
Request Body schema: application/json
description
string
displayName
string
id
string
name
string

Responses

Request samples

Content type
application/json
{
  • "description": "string",
  • "displayName": "string",
  • "id": "string",
  • "name": "string"
}

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "createdBy": "string",
  • "default": true,
  • "description": "string",
  • "displayName": "string",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "lastUpdatedBy": "string",
  • "name": "string"
}

replaceUserType

Replace an existing User Type

Authorizations:
path Parameters
typeId
required
string
Request Body schema: application/json
description
string
displayName
string
id
string
name
string

Responses

Request samples

Content type
application/json
{
  • "description": "string",
  • "displayName": "string",
  • "id": "string",
  • "name": "string"
}

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "createdBy": "string",
  • "default": true,
  • "description": "string",
  • "displayName": "string",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "lastUpdatedBy": "string",
  • "name": "string"
}

Policy

listPolicies

Gets all policies with the specified type.

Authorizations:
query Parameters
type
required
string
status
string
expand
string
Default: ""

Responses

Response samples

Content type
application/json
[
  • {
    }
]

createPolicy

Creates a policy.

Authorizations:
query Parameters
activate
boolean
Default: true
Request Body schema: application/json
object (PolicyRuleConditions)
description
string
name
string
priority
integer
status
string
Enum: "ACTIVE" "INACTIVE"
system
boolean
type
string (PolicyType)
Enum: "OAUTH_AUTHORIZATION_POLICY" "OKTA_SIGN_ON" "PASSWORD" "IDP_DISCOVERY"

Responses

Request samples

Content type
application/json
{
  • "conditions": {
    },
  • "description": "string",
  • "name": "string",
  • "priority": 0,
  • "status": "ACTIVE",
  • "system": true,
  • "type": "OAUTH_AUTHORIZATION_POLICY"
}

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "conditions": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "description": "string",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "priority": 0,
  • "status": "ACTIVE",
  • "system": true,
  • "type": "OAUTH_AUTHORIZATION_POLICY"
}

deletePolicy

Removes a policy.

Authorizations:
path Parameters
policyId
required
string

Responses

getPolicy

Gets a policy.

Authorizations:
path Parameters
policyId
required
string
query Parameters
expand
string
Default: ""

Responses

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "conditions": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "description": "string",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "priority": 0,
  • "status": "ACTIVE",
  • "system": true,
  • "type": "OAUTH_AUTHORIZATION_POLICY"
}

updatePolicy

Updates a policy.

Authorizations:
path Parameters
policyId
required
string
Request Body schema: application/json
object (PolicyRuleConditions)
description
string
name
string
priority
integer
status
string
Enum: "ACTIVE" "INACTIVE"
system
boolean
type
string (PolicyType)
Enum: "OAUTH_AUTHORIZATION_POLICY" "OKTA_SIGN_ON" "PASSWORD" "IDP_DISCOVERY"

Responses

Request samples

Content type
application/json
{
  • "conditions": {
    },
  • "description": "string",
  • "name": "string",
  • "priority": 0,
  • "status": "ACTIVE",
  • "system": true,
  • "type": "OAUTH_AUTHORIZATION_POLICY"
}

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "conditions": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "description": "string",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "priority": 0,
  • "status": "ACTIVE",
  • "system": true,
  • "type": "OAUTH_AUTHORIZATION_POLICY"
}

activatePolicy

Activates a policy.

Authorizations:
path Parameters
policyId
required
string

Responses

deactivatePolicy

Deactivates a policy.

Authorizations:
path Parameters
policyId
required
string

Responses

listPolicyRules

Enumerates all policy rules.

Authorizations:
path Parameters
policyId
required
string

Responses

Response samples

Content type
application/json
[
  • {
    }
]

createPolicyRule

Creates a policy rule.

Authorizations:
path Parameters
policyId
required
string
Request Body schema: application/json
object (PolicyRuleActions)
object (PolicyRuleConditions)
name
string
priority
integer
status
string
Default: "ACTIVE"
Enum: "ACTIVE" "INACTIVE"
system
boolean
Default: false
type
string
Enum: "SIGN_ON" "PASSWORD"

Responses

Request samples

Content type
application/json
{
  • "actions": {
    },
  • "conditions": {
    },
  • "name": "string",
  • "priority": 0,
  • "status": "ACTIVE",
  • "system": false,
  • "type": "SIGN_ON"
}

Response samples

Content type
application/json
{
  • "actions": {
    },
  • "conditions": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "priority": 0,
  • "status": "ACTIVE",
  • "system": false,
  • "type": "SIGN_ON"
}

deletePolicyRule

Removes a policy rule.

Authorizations:
path Parameters
policyId
required
string
ruleId
required
string

Responses

getPolicyRule

Gets a policy rule.

Authorizations:
path Parameters
policyId
required
string
ruleId
required
string

Responses

Response samples

Content type
application/json
{
  • "actions": {
    },
  • "conditions": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "priority": 0,
  • "status": "ACTIVE",
  • "system": false,
  • "type": "SIGN_ON"
}

updatePolicyRule

Updates a policy rule.

Authorizations:
path Parameters
policyId
required
string
ruleId
required
string
Request Body schema: application/json
object (PolicyRuleActions)
object (PolicyRuleConditions)
name
string
priority
integer
status
string
Default: "ACTIVE"
Enum: "ACTIVE" "INACTIVE"
system
boolean
Default: false
type
string
Enum: "SIGN_ON" "PASSWORD"

Responses

Request samples

Content type
application/json
{
  • "actions": {
    },
  • "conditions": {
    },
  • "name": "string",
  • "priority": 0,
  • "status": "ACTIVE",
  • "system": false,
  • "type": "SIGN_ON"
}

Response samples

Content type
application/json
{
  • "actions": {
    },
  • "conditions": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "priority": 0,
  • "status": "ACTIVE",
  • "system": false,
  • "type": "SIGN_ON"
}

activatePolicyRule

Activates a policy rule.

Authorizations:
path Parameters
policyId
required
string
ruleId
required
string

Responses

deactivatePolicyRule

Deactivates a policy rule.

Authorizations:
path Parameters
policyId
required
string
ruleId
required
string

Responses

Session

Create Session with Session Token

Creates a new session for a user with a valid session token. Use this API if, for example, you want to set the session cookie yourself instead of allowing Okta to set it, or want to hold the session ID in order to delete a session via the API instead of visiting the logout URL.

Authorizations:
Request Body schema: application/json
sessionToken
string

Responses

Request samples

Content type
application/json
{
  • "sessionToken": "string"
}

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "amr": [
    ],
  • "createdAt": "2019-08-24T14:15:22Z",
  • "expiresAt": "2019-08-24T14:15:22Z",
  • "id": "string",
  • "idp": {
    },
  • "lastFactorVerification": "2019-08-24T14:15:22Z",
  • "lastPasswordVerification": "2019-08-24T14:15:22Z",
  • "login": "string",
  • "status": "ACTIVE",
  • "userId": "string"
}

Close Session

Authorizations:
path Parameters
sessionId
required
string

Responses

getSession

Get details about a session.

Authorizations:
path Parameters
sessionId
required
string

Responses

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "amr": [
    ],
  • "createdAt": "2019-08-24T14:15:22Z",
  • "expiresAt": "2019-08-24T14:15:22Z",
  • "id": "string",
  • "idp": {
    },
  • "lastFactorVerification": "2019-08-24T14:15:22Z",
  • "lastPasswordVerification": "2019-08-24T14:15:22Z",
  • "login": "string",
  • "status": "ACTIVE",
  • "userId": "string"
}

Refresh Session

Authorizations:
path Parameters
sessionId
required
string

Responses

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "amr": [
    ],
  • "createdAt": "2019-08-24T14:15:22Z",
  • "expiresAt": "2019-08-24T14:15:22Z",
  • "id": "string",
  • "idp": {
    },
  • "lastFactorVerification": "2019-08-24T14:15:22Z",
  • "lastPasswordVerification": "2019-08-24T14:15:22Z",
  • "login": "string",
  • "status": "ACTIVE",
  • "userId": "string"
}

Template

List SMS Templates

Enumerates custom SMS templates in your organization. A subset of templates can be returned that match a template type.

Authorizations:
query Parameters
templateType
string

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Add SMS Template

Adds a new custom SMS template to your organization.

Authorizations:
Request Body schema: application/json
name
string
template
string
translations
object (SmsTemplateTranslations)
type
string (SmsTemplateType)
Value: "SMS_VERIFY_CODE"

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "template": "string",
  • "translations": { },
  • "type": "SMS_VERIFY_CODE"
}

Response samples

Content type
application/json
{
  • "created": "2019-08-24T14:15:22Z",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "template": "string",
  • "translations": { },
  • "type": "SMS_VERIFY_CODE"
}

Remove SMS Template

Removes an SMS template.

Authorizations:
path Parameters
templateId
required
string

Responses

Get SMS Template

Fetches a specific template by id

Authorizations:
path Parameters
templateId
required
string

Responses

Response samples

Content type
application/json
{
  • "created": "2019-08-24T14:15:22Z",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "template": "string",
  • "translations": { },
  • "type": "SMS_VERIFY_CODE"
}

Partial SMS Template Update

Updates only some of the SMS template properties:

Authorizations:
path Parameters
templateId
required
string
Request Body schema: application/json
name
string
template
string
translations
object (SmsTemplateTranslations)
type
string (SmsTemplateType)
Value: "SMS_VERIFY_CODE"

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "template": "string",
  • "translations": { },
  • "type": "SMS_VERIFY_CODE"
}

Response samples

Content type
application/json
{
  • "created": "2019-08-24T14:15:22Z",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "template": "string",
  • "translations": { },
  • "type": "SMS_VERIFY_CODE"
}

Update SMS Template

Updates the SMS template.

Authorizations:
path Parameters
templateId
required
string
Request Body schema: application/json
name
string
template
string
translations
object (SmsTemplateTranslations)
type
string (SmsTemplateType)
Value: "SMS_VERIFY_CODE"

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "template": "string",
  • "translations": { },
  • "type": "SMS_VERIFY_CODE"
}

Response samples

Content type
application/json
{
  • "created": "2019-08-24T14:15:22Z",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "name": "string",
  • "template": "string",
  • "translations": { },
  • "type": "SMS_VERIFY_CODE"
}

ThreatInsight

getCurrentConfiguration

Gets current ThreatInsight configuration

Authorizations:

Responses

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "action": "string",
  • "created": "2019-08-24T14:15:22Z",
  • "excludeZones": [
    ],
  • "lastUpdated": "2019-08-24T14:15:22Z"
}

updateConfiguration

Updates ThreatInsight configuration

Authorizations:
Request Body schema: application/json
action
string
excludeZones
Array of strings

Responses

Request samples

Content type
application/json
{
  • "action": "string",
  • "excludeZones": [
    ]
}

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "action": "string",
  • "created": "2019-08-24T14:15:22Z",
  • "excludeZones": [
    ],
  • "lastUpdated": "2019-08-24T14:15:22Z"
}

TrustedOrigin

listOrigins

Success

Authorizations:
query Parameters
q
string
filter
string
after
string
limit
integer <int32>
Default: -1

Responses

Response samples

Content type
application/json
[
  • {
    }
]

createOrigin

Success

Authorizations:
Request Body schema: application/json
createdBy
string
lastUpdatedBy
string
name
string
origin
string
Array of objects (Scope)
status
string

Responses

Request samples

Content type
application/json
{
  • "createdBy": "string",
  • "lastUpdatedBy": "string",
  • "name": "string",
  • "origin": "string",
  • "scopes": [
    ],
  • "status": "string"
}

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "createdBy": "string",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "lastUpdatedBy": "string",
  • "name": "string",
  • "origin": "string",
  • "scopes": [
    ],
  • "status": "string"
}

deleteOrigin

Success

Authorizations:
path Parameters
trustedOriginId
required
string

Responses

getOrigin

Success

Authorizations:
path Parameters
trustedOriginId
required
string

Responses

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "createdBy": "string",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "lastUpdatedBy": "string",
  • "name": "string",
  • "origin": "string",
  • "scopes": [
    ],
  • "status": "string"
}

updateOrigin

Success

Authorizations:
path Parameters
trustedOriginId
required
string
Request Body schema: application/json
createdBy
string
lastUpdatedBy
string
name
string
origin
string
Array of objects (Scope)
status
string

Responses

Request samples

Content type
application/json
{
  • "createdBy": "string",
  • "lastUpdatedBy": "string",
  • "name": "string",
  • "origin": "string",
  • "scopes": [
    ],
  • "status": "string"
}

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "createdBy": "string",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "lastUpdatedBy": "string",
  • "name": "string",
  • "origin": "string",
  • "scopes": [
    ],
  • "status": "string"
}

activateOrigin

Success

Authorizations:
path Parameters
trustedOriginId
required
string

Responses

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "createdBy": "string",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "lastUpdatedBy": "string",
  • "name": "string",
  • "origin": "string",
  • "scopes": [
    ],
  • "status": "string"
}

deactivateOrigin

Success

Authorizations:
path Parameters
trustedOriginId
required
string

Responses

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "createdBy": "string",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "lastUpdatedBy": "string",
  • "name": "string",
  • "origin": "string",
  • "scopes": [
    ],
  • "status": "string"
}

User

List Users

Lists users in your organization with pagination in most cases. A subset of users can be returned that match a supported filter expression or search criteria.

Authorizations:
query Parameters
q
string

Finds a user that matches firstName, lastName, and email properties

after
string

Specifies the pagination cursor for the next page of users

limit
integer <int32>
Default: 10

Specifies the number of results returned

filter
string

Filters users with a supported expression for a subset of properties

search
string

Searches for users with a supported filtering expression for most properties

sortBy
string
sortOrder
string

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Create User

Creates a new user in your Okta organization with or without credentials.

Authorizations:
query Parameters
activate
boolean
Default: true

Executes activation lifecycle operation when creating the user

provider
boolean
Default: false

Indicates whether to create a user with a specified authentication provider

nextLogin
string
Default: ""

With activate=true, set nextLogin to "changePassword" to have the password be EXPIRED, so user must change it the next time they log in.

Request Body schema: application/json
object (UserCredentials)
groupIds
Array of strings
object (UserProfile)
object (UserType)

Responses

Request samples

Content type
application/json
{
  • "credentials": {
    },
  • "groupIds": [
    ],
  • "profile": {
    },
  • "type": {
    }
}

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "activated": "2019-08-24T14:15:22Z",
  • "created": "2019-08-24T14:15:22Z",
  • "credentials": {
    },
  • "id": "string",
  • "lastLogin": "2019-08-24T14:15:22Z",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "passwordChanged": "2019-08-24T14:15:22Z",
  • "profile": {
    },
  • "status": "ACTIVE",
  • "statusChanged": "2019-08-24T14:15:22Z",
  • "transitioningToStatus": "ACTIVE",
  • "type": {
    }
}

setLinkedObjectForUser

Authorizations:
path Parameters
associatedUserId
required
string
primaryRelationshipName
required
string
primaryUserId
required
string

Responses

Delete User

Deletes a user permanently. This operation can only be performed on users that have a DEPROVISIONED status. This action cannot be recovered!

Authorizations:
path Parameters
userId
required
string
query Parameters
sendEmail
boolean
Default: false

Responses

Get User

Fetches a user from your Okta organization.

Authorizations:
path Parameters
userId
required
string

Responses

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "activated": "2019-08-24T14:15:22Z",
  • "created": "2019-08-24T14:15:22Z",
  • "credentials": {
    },
  • "id": "string",
  • "lastLogin": "2019-08-24T14:15:22Z",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "passwordChanged": "2019-08-24T14:15:22Z",
  • "profile": {
    },
  • "status": "ACTIVE",
  • "statusChanged": "2019-08-24T14:15:22Z",
  • "transitioningToStatus": "ACTIVE",
  • "type": {
    }
}

partialUpdateUser

Fetch a user by id, login, or login shortname if the short name is unambiguous.

Authorizations:
path Parameters
userId
required
string
query Parameters
strict
boolean
Request Body schema: application/json
object (UserCredentials)
object (UserProfile)
status
string (UserStatus)
Enum: "ACTIVE" "DEPROVISIONED" "LOCKED_OUT" "PASSWORD_EXPIRED" "PROVISIONED" "RECOVERY" "STAGED" "SUSPENDED"
transitioningToStatus
string (UserStatus)
Enum: "ACTIVE" "DEPROVISIONED" "LOCKED_OUT" "PASSWORD_EXPIRED" "PROVISIONED" "RECOVERY" "STAGED" "SUSPENDED"
object (UserType)

Responses

Request samples

Content type
application/json
{
  • "credentials": {
    },
  • "profile": {
    },
  • "status": "ACTIVE",
  • "transitioningToStatus": "ACTIVE",
  • "type": {
    }
}

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "activated": "2019-08-24T14:15:22Z",
  • "created": "2019-08-24T14:15:22Z",
  • "credentials": {
    },
  • "id": "string",
  • "lastLogin": "2019-08-24T14:15:22Z",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "passwordChanged": "2019-08-24T14:15:22Z",
  • "profile": {
    },
  • "status": "ACTIVE",
  • "statusChanged": "2019-08-24T14:15:22Z",
  • "transitioningToStatus": "ACTIVE",
  • "type": {
    }
}

Update User

Update a user's profile and/or credentials using strict-update semantics.

Authorizations:
path Parameters
userId
required
string
query Parameters
strict
boolean
Request Body schema: application/json
object (UserCredentials)
object (UserProfile)
status
string (UserStatus)
Enum: "ACTIVE" "DEPROVISIONED" "LOCKED_OUT" "PASSWORD_EXPIRED" "PROVISIONED" "RECOVERY" "STAGED" "SUSPENDED"
transitioningToStatus
string (UserStatus)
Enum: "ACTIVE" "DEPROVISIONED" "LOCKED_OUT" "PASSWORD_EXPIRED" "PROVISIONED" "RECOVERY" "STAGED" "SUSPENDED"
object (UserType)

Responses

Request samples

Content type
application/json
{
  • "credentials": {
    },
  • "profile": {
    },
  • "status": "ACTIVE",
  • "transitioningToStatus": "ACTIVE",
  • "type": {
    }
}

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "activated": "2019-08-24T14:15:22Z",
  • "created": "2019-08-24T14:15:22Z",
  • "credentials": {
    },
  • "id": "string",
  • "lastLogin": "2019-08-24T14:15:22Z",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "passwordChanged": "2019-08-24T14:15:22Z",
  • "profile": {
    },
  • "status": "ACTIVE",
  • "statusChanged": "2019-08-24T14:15:22Z",
  • "transitioningToStatus": "ACTIVE",
  • "type": {
    }
}

listUserClients

Lists all client resources for which the specified user has grants or tokens.

Authorizations:
path Parameters
userId
required
string

Responses

Response samples

Content type
application/json
[
  • {
    }
]

revokeGrantsForUserAndClient

Revokes all grants for the specified user and client

Authorizations:
path Parameters
userId
required
string
clientId
required
string

Responses

listGrantsForUserAndClient

Lists all grants for a specified user and client

Authorizations:
path Parameters
userId
required
string
clientId
required
string
query Parameters
expand
string
after
string
limit
integer <int32>
Default: 20

Responses

Response samples

Content type
application/json
[
  • {
    }
]

revokeTokensForUserAndClient

Revokes all refresh tokens issued for the specified User and Client.

Authorizations:
path Parameters
userId
required
string
clientId
required
string

Responses

listRefreshTokensForUserAndClient

Lists all refresh tokens issued for the specified User and Client.

Authorizations:
path Parameters
userId
required
string
clientId
required
string
query Parameters
expand
string
after
string
limit
integer <int32>
Default: 20

Responses

Response samples

Content type
application/json
[
  • {
    }
]

revokeTokenForUserAndClient

Revokes the specified refresh token.

Authorizations:
path Parameters
userId
required
string
clientId
required
string
tokenId
required
string

Responses

getRefreshTokenForUserAndClient

Gets a refresh token issued for the specified User and Client.

Authorizations:
path Parameters
userId
required
string
clientId
required
string
tokenId
required
string
query Parameters
expand
string
limit
integer
Default: 20
after
string

Responses

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "clientId": "string",
  • "created": "2019-08-24T14:15:22Z",
  • "createdBy": {
    },
  • "expiresAt": "2019-08-24T14:15:22Z",
  • "id": "string",
  • "issuer": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "scopes": [
    ],
  • "status": "ACTIVE",
  • "userId": "string"
}

Change Password

Changes a user's password by validating the user's current password. This operation can only be performed on users in STAGED, ACTIVE, PASSWORD_EXPIRED, or RECOVERY status that have a valid password credential

Authorizations:
path Parameters
userId
required
string
query Parameters
strict
boolean
Request Body schema: application/json
object (PasswordCredential)
object (PasswordCredential)

Responses

Request samples

Content type
application/json
{
  • "newPassword": {
    },
  • "oldPassword": {
    }
}

Response samples

Content type
application/json
{
  • "password": {
    },
  • "provider": {
    },
  • "recovery_question": {
    }
}

Change Recovery Question

Changes a user's recovery question & answer credential by validating the user's current password. This operation can only be performed on users in STAGED, ACTIVE or RECOVERY status that have a valid password credential

Authorizations:
path Parameters
userId
required
string
Request Body schema: application/json
object (PasswordCredential)
object (AuthenticationProvider)
object (RecoveryQuestionCredential)

Responses

Request samples

Content type
application/json
{
  • "password": {
    },
  • "provider": {
    },
  • "recovery_question": {
    }
}

Response samples

Content type
application/json
{
  • "password": {
    },
  • "provider": {
    },
  • "recovery_question": {
    }
}

Forgot Password

Authorizations:
path Parameters
userId
required
string

Responses

Response samples

Content type
application/json
{
  • "resetPasswordUrl": "string"
}

revokeUserGrants

Revokes all grants for a specified user

Authorizations:
path Parameters
userId
required
string

Responses

listUserGrants

Lists all grants for the specified user

Authorizations:
path Parameters
userId
required
string
query Parameters
scopeId
string
expand
string
after
string
limit
integer <int32>
Default: 20

Responses

Response samples

Content type
application/json
[
  • {
    }
]

revokeUserGrant

Revokes one grant for a specified user

Authorizations:
path Parameters
userId
required
string
grantId
required
string

Responses

getUserGrant

Gets a grant for the specified user

Authorizations:
path Parameters
userId
required
string
grantId
required
string
query Parameters
expand
string

Responses

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "clientId": "string",
  • "created": "2019-08-24T14:15:22Z",
  • "createdBy": {
    },
  • "id": "string",
  • "issuer": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "scopeId": "string",
  • "source": "END_USER",
  • "status": "ACTIVE",
  • "userId": "string"
}

Get Member Groups

Fetches the groups of which the user is a member.

Authorizations:
path Parameters
userId
required
string

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Listing IdPs associated with a user

Lists the IdPs associated with the user.

Authorizations:
path Parameters
userId
required
string

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Activate User

Activates a user. This operation can only be performed on users with a STAGED status. Activation of a user is an asynchronous operation. The user will have the transitioningToStatus property with a value of ACTIVE during activation to indicate that the user hasn't completed the asynchronous operation. The user will have a status of ACTIVE when the activation process is complete.

Authorizations:
path Parameters
userId
required
string
query Parameters
sendEmail
required
boolean
Default: true

Sends an activation email to the user if true

Responses

Response samples

Content type
application/json
{
  • "activationToken": "string",
  • "activationUrl": "string"
}

Deactivate User

Deactivates a user. This operation can only be performed on users that do not have a DEPROVISIONED status. Deactivation of a user is an asynchronous operation. The user will have the transitioningToStatus property with a value of DEPROVISIONED during deactivation to indicate that the user hasn't completed the asynchronous operation. The user will have a status of DEPROVISIONED when the deactivation process is complete.

Authorizations:
path Parameters
userId
required
string
query Parameters
sendEmail
boolean
Default: false

Responses

Expire Password

This operation transitions the user to the status of PASSWORD_EXPIRED so that the user is required to change their password at their next login.

Authorizations:
path Parameters
userId
required
string

Responses

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "activated": "2019-08-24T14:15:22Z",
  • "created": "2019-08-24T14:15:22Z",
  • "credentials": {
    },
  • "id": "string",
  • "lastLogin": "2019-08-24T14:15:22Z",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "passwordChanged": "2019-08-24T14:15:22Z",
  • "profile": {
    },
  • "status": "ACTIVE",
  • "statusChanged": "2019-08-24T14:15:22Z",
  • "transitioningToStatus": "ACTIVE",
  • "type": {
    }
}

Expire Password

This operation transitions the user to the status of PASSWORD_EXPIRED and the user's password is reset to a temporary password that is returned.

Authorizations:
path Parameters
userId
required
string

Responses

Response samples

Content type
application/json
{
  • "tempPassword": "string"
}

Reactivate User

Reactivates a user. This operation can only be performed on users with a PROVISIONED status. This operation restarts the activation workflow if for some reason the user activation was not completed when using the activationToken from Activate User.

Authorizations:
path Parameters
userId
required
string
query Parameters
sendEmail
boolean
Default: false

Sends an activation email to the user if true

Responses

Response samples

Content type
application/json
{
  • "activationToken": "string",
  • "activationUrl": "string"
}

Reset Factors

This operation resets all factors for the specified user. All MFA factor enrollments returned to the unenrolled state. The user's status remains ACTIVE. This link is present only if the user is currently enrolled in one or more MFA factors.

Authorizations:
path Parameters
userId
required
string

Responses

Reset Password

Generates a one-time token (OTT) that can be used to reset a user's password. The OTT link can be automatically emailed to the user or returned to the API caller and distributed using a custom flow.

Authorizations:
path Parameters
userId
required
string
query Parameters
sendEmail
required
boolean

Responses

Response samples

Content type
application/json
{
  • "resetPasswordUrl": "string"
}

Suspend User

Suspends a user. This operation can only be performed on users with an ACTIVE status. The user will have a status of SUSPENDED when the process is complete.

Authorizations:
path Parameters
userId
required
string

Responses

Unlock User

Unlocks a user with a LOCKED_OUT status and returns them to ACTIVE status. Users will be able to login with their current password.

Authorizations:
path Parameters
userId
required
string

Responses

Unsuspend User

Unsuspends a user and returns them to the ACTIVE state. This operation can only be performed on users that have a SUSPENDED status.

Authorizations:
path Parameters
userId
required
string

Responses

removeLinkedObjectForUser

Delete linked objects for a user, relationshipName can be ONLY a primary relationship name

Authorizations:
path Parameters
userId
required
string
relationshipName
required
string

Responses

getLinkedObjectsForUser

Get linked objects for a user, relationshipName can be a primary or associated relationship name

Authorizations:
path Parameters
userId
required
string
relationshipName
required
string
query Parameters
after
string
limit
integer <int32>
Default: -1

Responses

Response samples

Content type
application/json
[
  • { }
]

listAssignedRolesForUser

Lists all roles assigned to a user.

Authorizations:
path Parameters
userId
required
string
query Parameters
expand
string

Responses

Response samples

Content type
application/json
[
  • {
    }
]

assignRoleToUser

Assigns a role to a user.

Authorizations:
path Parameters
userId
required
string
query Parameters
disableNotifications
string
Request Body schema: application/json
type
string (RoleType)
Enum: "SUPER_ADMIN" "ORG_ADMIN" "APP_ADMIN" "USER_ADMIN" "HELP_DESK_ADMIN" "READ_ONLY_ADMIN" "MOBILE_ADMIN" "API_ACCESS_MANAGEMENT_ADMIN" "REPORT_ADMIN"

Responses

Request samples

Content type
application/json
{
  • "type": "SUPER_ADMIN"
}

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "assignmentType": "GROUP",
  • "created": "2019-08-24T14:15:22Z",
  • "description": "string",
  • "id": "string",
  • "label": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "status": "ACTIVE",
  • "type": "SUPER_ADMIN"
}

removeRoleFromUser

Unassigns a role from a user.

Authorizations:
path Parameters
userId
required
string
roleId
required
string

Responses

listApplicationTargetsForApplicationAdministratorRoleForUser

Lists all App targets for an APP_ADMIN Role assigned to a User. This methods return list may include full Applications or Instances. The response for an instance will have an ID value, while Application will not have an ID.

Authorizations:
path Parameters
userId
required
string
roleId
required
string
query Parameters
after
string
limit
integer <int32>
Default: 20

Responses

Response samples

Content type
application/json
[
  • {
    }
]

addAllAppsAsTargetToRole

Success

Authorizations:
path Parameters
userId
required
string
roleId
required
string

Responses

removeApplicationTargetFromApplicationAdministratorRoleForUser

Success

Authorizations:
path Parameters
userId
required
string
roleId
required
string
appName
required
string

Responses

addApplicationTargetToAdminRoleForUser

Success

Authorizations:
path Parameters
userId
required
string
roleId
required
string
appName
required
string

Responses

Remove App Instance Target to App Administrator Role given to a User

Remove App Instance Target to App Administrator Role given to a User

Authorizations:
path Parameters
userId
required
string
roleId
required
string
appName
required
string
applicationId
required
string

Responses

Add App Instance Target to App Administrator Role given to a User

Add App Instance Target to App Administrator Role given to a User

Authorizations:
path Parameters
userId
required
string
roleId
required
string
appName
required
string
applicationId
required
string

Responses

listGroupTargetsForRole

Success

Authorizations:
path Parameters
userId
required
string
roleId
required
string
query Parameters
after
string
limit
integer <int32>
Default: 20

Responses

Response samples

Content type
application/json
[
  • {
    }
]

removeGroupTargetFromRole

Success

Authorizations:
path Parameters
userId
required
string
roleId
required
string
groupId
required
string

Responses

addGroupTargetToRole

Success

Authorizations:
path Parameters
userId
required
string
roleId
required
string
groupId
required
string

Responses

clearUserSessions

Removes all active identity provider sessions. This forces the user to authenticate on the next operation. Optionally revokes OpenID Connect and OAuth refresh and access tokens issued to the user.

Authorizations:
path Parameters
userId
required
string
query Parameters
oauthTokens
boolean
Default: false

Revoke issued OpenID Connect and OAuth refresh and access tokens

Responses

UserFactor

listFactors

Enumerates all the enrolled factors for the specified user

Authorizations:
path Parameters
userId
required
string

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Enroll Factor

Enrolls a user with a supported factor.

Authorizations:
path Parameters
userId
required
string
query Parameters
updatePhone
boolean
Default: false
templateId
string

id of SMS template (only for SMS factor)

tokenLifetimeSeconds
integer <int32>
Default: 300
activate
boolean
Default: false
Request Body schema: application/json

Factor

factorType
string (FactorType)
Enum: "call" "email" "hotp" "push" "question" "sms" "token:hardware" "token:hotp" "token:software:totp" "token" "u2f" "web" "webauthn"
provider
string (FactorProvider)
Enum: "OKTA" "RSA" "FIDO" "GOOGLE" "SYMANTEC" "DUO" "YUBICO" "CUSTOM"
status
string (FactorStatus)
Enum: "PENDING_ACTIVATION" "ACTIVE" "INACTIVE" "NOT_SETUP" "ENROLLED" "DISABLED" "EXPIRED"
object (VerifyFactorRequest)

Responses

Request samples

Content type
application/json
{
  • "factorType": "call",
  • "provider": "OKTA",
  • "status": "PENDING_ACTIVATION",
  • "verify": {
    }
}

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "factorType": "call",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "provider": "OKTA",
  • "status": "PENDING_ACTIVATION",
  • "verify": {
    }
}

listSupportedFactors

Enumerates all the supported factors that can be enrolled for the specified user

Authorizations:
path Parameters
userId
required
string

Responses

Response samples

Content type
application/json
[
  • {
    }
]

listSupportedSecurityQuestions

Enumerates all available security questions for a user's question factor

Authorizations:
path Parameters
userId
required
string

Responses

Response samples

Content type
application/json
[
  • {
    }
]

deleteFactor

Unenrolls an existing factor for the specified user, allowing the user to enroll a new factor.

Authorizations:
path Parameters
userId
required
string
factorId
required
string

Responses

getFactor

Fetches a factor for the specified user

Authorizations:
path Parameters
userId
required
string
factorId
required
string

Responses

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "factorType": "call",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "provider": "OKTA",
  • "status": "PENDING_ACTIVATION",
  • "verify": {
    }
}

Activate Factor

The sms and token:software:totp factor types require activation to complete the enrollment process.

Authorizations:
path Parameters
userId
required
string
factorId
required
string
Request Body schema: application/json
attestation
string
clientData
string
passCode
string
registrationData
string
stateToken
string

Responses

Request samples

Content type
application/json
{
  • "attestation": "string",
  • "clientData": "string",
  • "passCode": "string",
  • "registrationData": "string",
  • "stateToken": "string"
}

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "created": "2019-08-24T14:15:22Z",
  • "factorType": "call",
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "provider": "OKTA",
  • "status": "PENDING_ACTIVATION",
  • "verify": {
    }
}

getFactorTransactionStatus

Polls factors verification transaction for status.

Authorizations:
path Parameters
userId
required
string
factorId
required
string
transactionId
required
string

Responses

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "expiresAt": "2019-08-24T14:15:22Z",
  • "factorResult": "SUCCESS",
  • "factorResultMessage": "string"
}

Verify MFA Factor

Verifies an OTP for a token or token:hardware factor

Authorizations:
path Parameters
userId
required
string
factorId
required
string
query Parameters
templateId
string
tokenLifetimeSeconds
integer <int32>
Default: 300
header Parameters
X-Forwarded-For
string
User-Agent
string
Accept-Language
string
Request Body schema: application/json
activationToken
string
answer
string
attestation
string
clientData
string
nextPassCode
string
passCode
string
registrationData
string
stateToken
string

Responses

Request samples

Content type
application/json
{
  • "activationToken": "string",
  • "answer": "string",
  • "attestation": "string",
  • "clientData": "string",
  • "nextPassCode": "string",
  • "passCode": "string",
  • "registrationData": "string",
  • "stateToken": "string"
}

Response samples

Content type
application/json
{
  • "_embedded": {
    },
  • "_links": {
    },
  • "expiresAt": "2019-08-24T14:15:22Z",
  • "factorResult": "SUCCESS",
  • "factorResultMessage": "string"
}

NetworkZone

List Network Zones

Enumerates network zones added to your organization with pagination. A subset of zones can be returned that match a supported filter expression or query.

Authorizations:
query Parameters
after
string

Specifies the pagination cursor for the next page of network zones

limit
integer <int32>
Default: -1

Specifies the number of results for a page

filter
string

Filters zones by usage or id expression

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Add Network Zone

Adds a new network zone to your Okta organization.

Authorizations:
Request Body schema: application/json
asns
Array of strings
Array of objects (NetworkZoneAddress)
Array of objects (NetworkZoneLocation)
name
string
Array of objects (NetworkZoneAddress)
proxyType
string
status
string (NetworkZoneStatus)
Enum: "ACTIVE" "INACTIVE"
system
boolean
type
string (NetworkZoneType)
Enum: "IP" "DYNAMIC"
usage
string (NetworkZoneUsage)
Enum: "POLICY" "BLOCKLIST"

Responses

Request samples

Content type
application/json
{
  • "asns": [
    ],
  • "gateways": [
    ],
  • "locations": [
    ],
  • "name": "string",
  • "proxies": [
    ],
  • "proxyType": "string",
  • "status": "ACTIVE",
  • "system": true,
  • "type": "IP",
  • "usage": "POLICY"
}

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "asns": [
    ],
  • "created": "2019-08-24T14:15:22Z",
  • "gateways": [
    ],
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "locations": [
    ],
  • "name": "string",
  • "proxies": [
    ],
  • "proxyType": "string",
  • "status": "ACTIVE",
  • "system": true,
  • "type": "IP",
  • "usage": "POLICY"
}

Delete Network Zone

Removes network zone.

Authorizations:
path Parameters
zoneId
required
string

Responses

Get Network Zone

Fetches a network zone from your Okta organization by id.

Authorizations:
path Parameters
zoneId
required
string

Responses

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "asns": [
    ],
  • "created": "2019-08-24T14:15:22Z",
  • "gateways": [
    ],
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "locations": [
    ],
  • "name": "string",
  • "proxies": [
    ],
  • "proxyType": "string",
  • "status": "ACTIVE",
  • "system": true,
  • "type": "IP",
  • "usage": "POLICY"
}

Update Network Zone

Updates a network zone in your organization.

Authorizations:
path Parameters
zoneId
required
string
Request Body schema: application/json
asns
Array of strings
Array of objects (NetworkZoneAddress)
Array of objects (NetworkZoneLocation)
name
string
Array of objects (NetworkZoneAddress)
proxyType
string
status
string (NetworkZoneStatus)
Enum: "ACTIVE" "INACTIVE"
system
boolean
type
string (NetworkZoneType)
Enum: "IP" "DYNAMIC"
usage
string (NetworkZoneUsage)
Enum: "POLICY" "BLOCKLIST"

Responses

Request samples

Content type
application/json
{
  • "asns": [
    ],
  • "gateways": [
    ],
  • "locations": [
    ],
  • "name": "string",
  • "proxies": [
    ],
  • "proxyType": "string",
  • "status": "ACTIVE",
  • "system": true,
  • "type": "IP",
  • "usage": "POLICY"
}

Response samples

Content type
application/json
{
  • "_links": {
    },
  • "asns": [
    ],
  • "created": "2019-08-24T14:15:22Z",
  • "gateways": [
    ],
  • "id": "string",
  • "lastUpdated": "2019-08-24T14:15:22Z",
  • "locations": [
    ],
  • "name": "string",
  • "proxies": [
    ],
  • "proxyType": "string",
  • "status": "ACTIVE",
  • "system": true,
  • "type": "IP",
  • "usage": "POLICY"
}

Activate Network Zone

Activate Network Zone

Authorizations:
path Parameters
zoneId
required
string

Responses

Deactivate Network Zone

Deactivates a network zone.

Authorizations:
path Parameters
zoneId
required
string

Responses